On Mon, Mar 13, 2023, Jason Chen CJ wrote:
> There are similar use cases on x86 platforms requesting protected
> environment which is isolated from host OS for confidential computing.

What exactly are those use cases? The more details you can provide, the better.
E.g. restricting the isolated VMs to 64-bit mode a la TDX would likely simplify
the pKVM implementation.

> HW solutions e.g. TDX [5] also exist to support above use cases. But
> they are available only on very new platforms. Hence having a software
> solution on massive existing platforms is also plausible.

TDX is a software solution, not a hardware solution. TDX relies on hardware
features that are only present in bleeding edge CPUs, e.g. SEAM, but TDX itself
is software.

I bring that up because this RFC, especially since it's being posted by folks
from Intel, raises the question: why not utilize SEAM to implement pKVM for x86?